From 51331fc0030a03e59c23a085f1732a0c979084ee Mon Sep 17 00:00:00 2001
From: RISCi_ATOM <bob@bobcall.me>
Date: Mon, 20 Nov 2017 11:41:06 -0500
Subject: [PATCH] Fix Busybox CVE-2017-16544 issue

---
 .../patches/900-fix_cve2017-16544.patch       | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 package/utils/busybox/patches/900-fix_cve2017-16544.patch

diff --git a/package/utils/busybox/patches/900-fix_cve2017-16544.patch b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
new file mode 100644
index 0000000000..4fd77e81d5
--- /dev/null
+++ b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
@@ -0,0 +1,22 @@
+--- a/libbb/lineedit.c
++++ b/libbb/lineedit.c
+@@ -632,6 +632,19 @@ static void free_tab_completion_data(voi
+ 
+ static void add_match(char *matched)
+ {
++	unsigned char *p = (unsigned char*)matched;
++	while (*p) {
++		/* ESC attack fix: drop any string with control chars */
++		if (*p < ' '
++		 || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
++		 || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
++		) {
++			free(matched);
++			return;
++		}
++		p++;
++	}
++
+ 	matches = xrealloc_vector(matches, 4, num_matches);
+ 	matches[num_matches] = matched;
+ 	num_matches++;
-- 
2.25.1